[Remote] Engineering Manager, Product Security
Note: The job is a remote job and is open to candidates in USA.

Paxos is on a mission to open the world’s financial system to everyone by rebuilding financial infrastructure. The Engineering Manager, Product Security will lead a team of security engineers to secure AWS and Kubernetes infrastructure, ensuring applications are built and maintained safely while driving the technical direction for cloud and application security.

Responsibilities

- Lead, coach, and develop a team of cloud and application security engineers, including setting clear goals, providing ongoing feedback, and running performance reviews
- Own the security posture of our cloud environment, including AWS account topology, access management, inner-service communication, network segmentation, and ongoing monitoring (e.g., Cloud Posture tools)
- Partner across the engineering and security organization to embed security into application designs, CI/CD pipelines, and influence roadmaps of other teams
- Establish and scale automated guardrails for infrastructure as code/policy as code, SAST, and DAST to reduce manual toil
- Act as Incident Commander for high-severity security incidents and vulnerabilities, coordinating technical response, stakeholder communication, and post-incident reviews
- Collaborate with Compliance, Risk, and Legal to maintain and improve our security posture relative to frameworks like NIST, and to support customer and regulator inquiries
- Partner with leadership on headcount planning, hiring, and organizational design to ensure the Platform Security team scales with the business
- Champion a culture of security across Paxos through education, documentation, and close collaboration, helping teams ship secure systems quickly and confidently

Skills

- 8+ years of engineering experience (software, infrastructure, or security), including time as an individual contributor security engineer working on cloud or application security
- At least 2–3 years of experience as an engineering manager, leading and developing security teams
- Proven experience leading security of production AWS environments at scale, including AWS Organizations, IAM, SCPs, Transit Gateways, WAFs, and logging/monitoring
- Hands-on experience deploying secure applications to multi-cluster Kubernetes environments (e.g., network policies, admission controllers, service mesh, secrets management, runtime hardening)
- Strong fluency of SSDLC lifecycle, from design to threat modeling to deployment with a bias on possible automation at every step of the way (Terraform/CDK, Policy-as-Code, SAST, DAST, AI-based penetration testing, etc.)
- Deep understanding of security architecture concepts, including Zero Trust, mTLS, access management, least privilege, OWASP and application and cloud hardening best practices
- Demonstrated experience leading incident response as an Incident Commander for major vulnerabilities or breaches, including coordinating cross-functional teams under pressure
- Proficiency in headcount planning, performance reviews, and mentorship, with a clear and thoughtful leadership philosophy you can articulate with examples
- Excellent communication skills, with the ability to explain complex security risks and trade-offs to both deeply technical engineers and non-technical stakeholders

Company Overview

Paxos is a regulated financial institution building infrastructure to enable movement between physical and digital assets. It was founded in 2012, and is headquartered in New York, New York, USA, with a workforce of 201-500 employees. Its website is https://www.paxos.com.

Company H1B Sponsorship

Paxos has a track record of offering H1B sponsorships, with 3 in 2026, 7 in 2025, 1 in 2024, 12 in 2023, 6 in 2022, 14 in 2021, 2 in 2020. Please note that this does not guarantee sponsorship for this specific role.